package com.hy.admin.security;

import org.apache.commons.lang3.StringUtils;
import org.aspectj.weaver.ast.And;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

import com.hy.admin.security.config.CustomAccessDeniedHandler;
import com.hy.admin.security.config.HyAuthenctiationFailureHandler;
import com.hy.admin.security.config.HyAuthenticationSuccessHandler;
import com.hy.admin.security.config.MyPasswordEncoder;
import com.hy.admin.security.service.impl.MyUserDetailService;

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

	@Autowired
    private MyUserDetailService userDetailsService;
	
	@Value("${authorize.urls}")
	private String urls;
	
	@Autowired
	private HyAuthenctiationFailureHandler hyAuthenctiationFailureHandler;
	
	@Autowired
	private HyAuthenticationSuccessHandler hyAuthenticationSuccessHandler;
	
	@Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;
	
	public static final MyPasswordEncoder PWD_ENCODER_MD5 = new MyPasswordEncoder("MD5");
	
	@Bean
    public PasswordEncoder passwordEncoder() {
        return PWD_ENCODER_MD5;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        auth.authenticationProvider(authenticationProvider());
    }
    
	
	@Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
	
	@Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setPasswordEncoder(passwordEncoder());
//        authenticationProvider.setSaltSource(saltSource());
        return authenticationProvider;
    }
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		.requestMatchers()
		.antMatchers("/page/**")
		.and()
		.logout()
    	.logoutUrl("/logout")
        .logoutSuccessUrl("/page/admin/")
        .and()
		.formLogin()
	      .loginPage("/page/teacher/")
	      .loginProcessingUrl("/page/login")
	      .failureHandler(hyAuthenctiationFailureHandler)
		  .successHandler(hyAuthenticationSuccessHandler)
		  .and()
		  .authorizeRequests()
		  .antMatchers("/page/admin/",
				  "/page/admin",
		    		  "/login",
		    		  "/js/**","/css/**",
		    		  "/images/**","/scripts/**",
		    		  "/page/teacher/",
		    		  "/page/teacher",
		    		  "/page/teacher/logout",
		    		  "/page/teacher/login",
					  "/page/weixin/",
					  "/page/weixin",
					  "/page/weixin/login",
					  "/signout",
					  "/page/course/**",
				      "/page/share/**")
		   .permitAll()
		   .and()
		   .authorizeRequests()
		   .antMatchers("/page/teacher/**").hasRole("TEACHER")
		   .antMatchers("/page/admin/**").hasRole("ADMIN")
		   .antMatchers("/page/weixin/**").hasRole("WEIXIN")
		   .antMatchers("/page/**").authenticated()
		   .and()
		   .exceptionHandling()
		   .accessDeniedHandler(customAccessDeniedHandler)
		   .and()
		   .csrf()
		   .disable();

	}
	
	@Bean
	public AuthenticationSuccessHandler successHandler() {
        SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
        successHandler.setUseReferer(true);//设为true就会自动跳转到登入页面
        return successHandler;
    }
	
}
